I. Installing httpd
[root@station68 yum.repos.d]# yum list all |grep http
Unable to read consumer identity
httpd.i386 2.2.3-63.el5 base
httpd-devel.i386 2.2.3-63.el5 base
httpd-manual.i386 2.2.3-63.el5 base
jakarta-commons-httpclient.i386 1:3.0-7jpp.1 base
jakarta-commons-httpclient-demo.i386 1:3.0-7jpp.1 base
jakarta-commons-httpclient-javadoc.i386 1:3.0-7jpp.1 base
jakarta-commons-httpclient-manual.i386 1:3.0-7jpp.1 base
mockobjects-alt-httpclient.i386 0.09-14jpp.3 base
mockobjects-httpclient.i386 0.09-14jpp.3 base
system-config-httpd.noarch 5:1.3.3.3-1.el5 base
[root@station68 yum.repos.d]# yum install httpd -y
[root@station68 ~]# rpm -ql httpd ## list the files installed by the httpd package
[root@station68 ~]# service httpd start ### start the service
Starting httpd: [ OK ]
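[root@station68 ~]# netstat -tnlp ## check that port 80 is listening
Test in a browser, as shown in the figure.
Deleting welcome.conf from the configuration directory stops this page from being displayed.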
[root@station68 ~]# cd /etc/httpd/conf.d/
[root@station68 conf.d]# ls
proxy_ajp.conf README welcome.conf
[root@station68 conf.d]# rm welcome.conf
rm: remove regular file `welcome.conf'? y
[root@station68 conf.d]# service httpd restart ## restart the service
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Refresh the browser, as shown in the figure.
Providing page content
[root@station68 conf.d]# cd /var/www/html/
[root@station68 html]# ls
[root@station68 html]# vim wang.html ## edit the web page
<html>
<title>Hi</title>
<h1>Hello</h1>
My name is wangxin.
</html>
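Refresh the browser.
Click the page file.
II. Creating virtual hosts
First, disable the main server (the "central host") in the main configuration file.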
[root@station68 ~]# cd /etc/httpd/conf
[root@station68 conf]# vim httpd.conf
[root@localhost ~]# vim /etc/httpd/conf.d/virtual.conf
[root@localhost ~]# ip addr add 172.16.86.3/16 dev eth0 ## add another IP address to eth0
[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:b7:af:f1 brd ff:ff:ff:ff:ff:ff
inet 172.16.86.2/16 brd 172.16.255.255 scope global eth0
inet 192.168.113.2/24 brd 192.168.113.255 scope global eth0:0
inet 172.16.86.3/16 scope global secondary eth0
Modify the configuration file to listen on port 8080.
[root@station68 conf]# vim httpd.conf
Restart the service:
Test the page:
To use custom log files, just add one entry to the configuration file.
[root@localhost ~]# vim /etc/httpd/conf.d/virtual.conf
[root@localhost a.org]# cd /var/log/httpd/
[root@localhost httpd]# ls
access_log access_log.1 error_log error_log.1 error_log.2
[root@localhost httpd]# mkdir magedu.com a.org
[root@localhost httpd]# ls
access_log access_log.1 a.org error_log error_log.1 error_log.2 magedu.com
[root@localhost httpd]# chown apache:apache magedu.com/ a.org/ ## change the owner and group
[root@localhost httpd]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Test the page:
Login succeeded:
Setting to deny access by IP:
[root@localhost ~]# vim /etc/httpd/conf.d/virtual.conf
[root@localhost httpd]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Test the page:
III. Implementing SSL
1. For the web server to support SSL, first install the mod_ssl module.
[root@www ~]# yum install mod_ssl -y # install the mod_ssl module
[root@www ~]# rpm -ql mod_ssl # list the files it installs
/etc/httpd/conf.d/ssl.conf
/usr/lib/httpd/modules/mod_ssl.so
/var/cache/mod_ssl
/var/cache/mod_ssl/scache.dir
/var/cache/mod_ssl/scache.pag
/var/cache/mod_ssl/scache.sem
2. Providing a CA
Use another host as the CA.
[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# ls
CA entitlement nssdb product rpm-gpg tls
[root@localhost pki]# cd CA/
[root@localhost CA]# ls
Private
[root@mail CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) ## generate the private key
Generating RSA private key, 2048 bit long modulus
......................................+++
..........................................................................................+++
e is 65537 (0x10001)
[root@mail CA]# ls -l private/ ## view the file attributes
total 8
-rw------- 1 root root 1675 Apr 17 22:13 cakey.pem
[root@mail CA]# vim ../tls/openssl.cnf
[root@mail CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655 ## generate the self-signed certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Henan]:
Locality Name (eg, city) [Zhengzhou]:
Organization Name (eg, company) [MageEdu]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:[email protected]
[root@mail CA]# ls
cacert.pem private
[root@mail CA]# mkdir certs crl newcerts
[root@mail CA]# touch index.txt
[root@mail CA]# echo 01 > serial
[root@mail CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@mail CA]#
Switch to the web server.
[root@www ~]# cd /etc/httpd/
[root@www httpd]# mkdir ssl
[root@www httpd]# ls
conf conf.d htpasswd logs modules run ssl
[root@www ssl]# (umask 077; openssl genrsa 1024 > httpd.key) ## generate the private key
Generating RSA private key, 1024 bit long modulus
......++++++
....................++++++
e is 65537 (0x10001)
[root@www ssl]# ll
total 8
-rw------- 1 root root 891 Apr 17 22:36 httpd.key
[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr ## generate the certificate signing request
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:Henan
Locality Name (eg, city) [Newbury]:Zhengzhou
Organization Name (eg, company) [My Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:hello.magedu.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Send the certificate signing request to the server (the CA host).
[root@www ssl]# scp httpd.csr 172.16.86.1:/tmp
The authenticity of host '172.16.86.1 (172.16.86.1)' can't be established.
RSA key fingerprint is 4a:07:84:06:7c:f9:9b:a2:8e:b1:d2:0a:b8:27:2c:ef.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.86.1' (RSA) to the list of known hosts.
[email protected]'s password:
httpd.csr 100% 704 0.7KB/s 00:00
Switch to the CA host and sign the certificate.
Copy the certificate to the web server.
[root@www ssl]# scp 172.16.86.1:/tmp/httpd.crt ./
[email protected]'s password:
httpd.crt 100% 3864 3.8KB/s 00:00
[root@www ssl]# ls
httpd.crt httpd.csr httpd.key
[root@www ssl]# cd /etc/httpd/conf.d/
[root@www conf.d]# ls
proxy_ajp.conf README ssl.conf virtual.conf welcome.conf.bak
[root@www conf.d]# vim ssl.conf ## edit the configuration file
[root@www conf.d]# httpd -t
Syntax OK
[root@www conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
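
Checks worth running on the files in /etc/httpd/ssl before httpd is pointed at them, as an added example that is not part of the original post: the certificate matches the private key, it verifies against the CA certificate, the RSA key is at least 2048 bits (the 1024-bit httpd.key generated above would be flagged), and the key file is owner-only. The function names, the 2048-bit threshold and the throwaway demo PKI are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). All file names are constructed.

# check_pair KEY CERT CACERT: returns 0 only if every check passes.
check_pair() {
    local key=$1 crt=$2 ca=$3 rc=0 kmod cmod bits
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
    # 1. The certificate must carry the public half of this private key.
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "FAIL: certificate does not match private key"; rc=1
    fi
    # 2. The certificate must verify against the CA certificate.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to $ca"; rc=1
    fi
    # 3. RSA modulus size, derived from the hex length of the modulus.
    kmod=${kmod#Modulus=}; bits=$(( ${#kmod} * 4 ))
    if [ "$bits" -lt 2048 ]; then
        echo "FAIL: RSA key is $bits bits, below 2048"; rc=1
    fi
    # 4. The key file must be accessible by its owner only (the umask 077 step).
    case $(ls -l "$key") in
        -rw-------*|-r--------*) ;;
        *) echo "FAIL: private key is accessible by group or others"; rc=1 ;;
    esac
    return $rc
}

# make_demo_pki DIR BITS: throwaway CA plus one server key/cert of BITS bits.
make_demo_pki() {
    local d=$1 bits=$2
    ( umask 077; cd "$d" || exit 1
      openssl genrsa -out ca.key 2048
      openssl req -new -x509 -key ca.key -subj "/CN=demo-ca.example" -days 1 -out ca.crt
      openssl genrsa -out srv.key "$bits"
      openssl req -new -key srv.key -subj "/CN=www.example" -out srv.csr
      openssl x509 -req -in srv.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -days 1 -out srv.crt ) >/dev/null 2>&1
}

# Constructed demo run: a 2048-bit pair signed by the throwaway CA passes.
demo=$(mktemp -d)
make_demo_pki "$demo" 2048
check_pair "$demo/srv.key" "$demo/srv.crt" "$demo/ca.crt" && echo "2048-bit pair: OK"
rm -rf "$demo"
```

On the web server above, the equivalent call would be `check_pair httpd.key httpd.crt cacert.pem`, with cacert.pem copied over from the CA host.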
Switch to the CA host, give the physical host a copy of cacert.pem from /etc/pki/CA, rename it to cacert.crt, and double-click it to install.
Test the page: